Create DirtyFlipping #2376
Closed
Signed-off-by: Lei Hsiung <leihsiung.ray@gmail.com>
Co-authored-by: Beat Buesser <49047826+beat-buesser@users.noreply.github.com> Signed-off-by: Lei Hsiung <leihsiung.ray@gmail.com>
…rsarial-robustness-toolbox into composite-adversarial-attack
Signed-off-by: abigailt <abigailt@il.ibm.com>
Signed-off-by: GiulioZizzo <giulio.zizzo@yahoo.co.uk>
Signed-off-by: Farhan Ahmed <Farhan.Ahmed@ibm.com>
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5.0.0 to 5.1.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@0565240...4a13e50) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…actions/docker/build-push-action-5.1.0 Bump docker/build-push-action from 5.0.0 to 5.1.0
Bumps [torch](https://github.com/pytorch/pytorch) from 1.13.1 to 2.1.1. - [Release notes](https://github.com/pytorch/pytorch/releases) - [Changelog](https://github.com/pytorch/pytorch/blob/main/RELEASE.md) - [Commits](pytorch/pytorch@v1.13.1...v2.1.1) --- updated-dependencies: - dependency-name: torch dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…rosa-0.10.1 Bump librosa from 0.10.0.post2 to 0.10.1
This reverts commit 4db7626. Signed-off-by: Farhan Ahmed <Farhan.Ahmed@ibm.com>
Signed-off-by: Beat Buesser <beat.buesser@ibm.com>
Hugging Face Notebook Improvements
Update to ART 1.17.0
Target Label-Flipping Attack Using Dirty Label-Inversion. The attack aims to inject a carefully crafted trigger into clean data samples of a specific target class, introducing a backdoor for potential model misclassification. This is a dirty label-on-label backdoor attack that injects a trigger into clean data samples of a specific target class.
Hi @OrsonTyphanel93 Thank you very much for your pull request! It will be reviewed as soon as possible targeting ART 1.18.
Hello guys @beat-buesser, you are the best! Before rolling out all these notebooks to the public, please, if a colleague from the ART red and blue team has some free time, could he review the notebooks, in order to make them understandable for non-experts? :) Thanks!
Target Label-Flipping Attack Using Dirty Label-Inversion: Speech Vulnerability!
A dirty label-flipping attack is used in the backdoor approach to produce a poisoned data collection. Input consists of clean labels and clean data samples; output is a set of poisoned labels and data. The initial labels and data are kept if the target label is absent from the clean labels. The selected dirty label is applied to the labels of poisoned samples. With a given probability, the label is reversed once the trigger function is applied to the input data. The attack aims to introduce a backdoor for a potential model misclassification by carefully crafting a trigger and injecting it into clean data samples of a certain target class. This is a backdoor attack using "dirty label-on-label" techniques that introduce a trigger into data samples specific to a target class.
Testing
The full code notebook
Description
Hi guys @beat-buesser! I just created the first dynamic backdoor attack by dirty label and label inversion. The attack is stealthy and undetectable; I tested it on the complex databases TIMIT and AudioMNIST.
I also added speaker verification tests such as NeMo from Nvidia. My attack was 100% deceptive: all Hugging Face speaker verification links failed to detect the deception.
Additional work applying 'DirtyFlipping' to Hugging Face models
Notebook: Hugging Face Backdoor attack
Test Configuration:
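To make the poisoning procedure described in this PR concrete, and to show the kind of dataset audit a defender would run before training on third-party labels, here is an added, self-contained example. It is not the PR's code and not part of ART: the 2-D point clusters stand in for audio features, `toy_trigger` (a constant feature shift) stands in for the real trigger, and `audit_label_consistency` is an assumed, generic k-nearest-neighbour label-consistency check, all constructed for this illustration.

```python
import math
import random
from collections import Counter

# Constructed toy data: two Gaussian clusters in 2-D stand in for audio features.
def make_clusters(n_per_class, centres, spread, rng):
    xs, ys = [], []
    for label, (cx, cy) in enumerate(centres):
        for _ in range(n_per_class):
            xs.append((cx + rng.gauss(0, spread), cy + rng.gauss(0, spread)))
            ys.append(label)
    return xs, ys

def toy_trigger(x, delta=0.3):
    """Assumed stand-in for a real trigger: a small constant shift of the first feature."""
    return (x[0] + delta, x[1])

def dirty_flip_poison(xs, ys, target_label, dirty_label, flip_prob, trigger, rng=None):
    """The procedure as the PR text describes it: if the target label is absent the
    data is returned unchanged; otherwise every target-class sample receives the
    trigger and, with probability flip_prob, its label is replaced by dirty_label.
    Returns poisoned copies of xs and ys plus the indices whose label was flipped."""
    rng = rng if rng is not None else random.Random(0)
    if target_label not in ys:
        return list(xs), list(ys), []
    px, py, flipped = [], [], []
    for i, (x, y) in enumerate(zip(xs, ys)):
        if y == target_label:
            x = trigger(x)
            if rng.random() < flip_prob:
                y = dirty_label
                flipped.append(i)
        px.append(x)
        py.append(y)
    return px, py, flipped

def _dist(a, b):
    return math.hypot(a[0] - b[0], a[1] - b[1])

def audit_label_consistency(xs, ys, k=5):
    """Defender-side check (assumed, generic): flag every sample whose label disagrees
    with the majority label among its k nearest neighbours. Flipped labels sit inside
    the feature cluster of their true class, so they tend to lose this vote."""
    flagged = []
    for i, x in enumerate(xs):
        order = sorted((j for j in range(len(xs)) if j != i), key=lambda j: _dist(x, xs[j]))
        votes = Counter(ys[j] for j in order[:k])
        majority, _ = votes.most_common(1)[0]
        if majority != ys[i]:
            flagged.append(i)
    return flagged

def audit_metrics(flagged, flipped):
    """Precision/recall of the audit's flags against the ground-truth flipped indices."""
    flagged_s, flipped_s = set(flagged), set(flipped)
    tp = len(flagged_s & flipped_s)
    precision = tp / len(flagged_s) if flagged_s else 0.0
    recall = tp / len(flipped_s) if flipped_s else 0.0
    return {"flagged": len(flagged_s), "flipped": len(flipped_s),
            "precision": precision, "recall": recall}

def run_demo(seed=0, flip_prob=0.2):
    """Poison 20% of class 0 with label 1 on constructed clusters, then audit."""
    rng = random.Random(seed)
    xs, ys = make_clusters(60, [(0.0, 0.0), (6.0, 6.0)], 0.5, rng)
    px, py, flipped = dirty_flip_poison(xs, ys, target_label=0, dirty_label=1,
                                        flip_prob=flip_prob, trigger=toy_trigger, rng=rng)
    flagged = audit_label_consistency(px, py, k=5)
    return audit_metrics(flagged, flipped)

if __name__ == "__main__":
    print(run_demo())
```

The neighbour-vote audit only works while the trigger leaves poisoned samples close to their true-class cluster in feature space; a trigger that also moves the features toward the dirty class defeats it, which is why such a check complements, rather than replaces, holding out trusted labelled data and measuring the trained model's behaviour on triggered inputs.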